STATUS OF ISB ACTION ITEMS

Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7 OIT TFZ" LOGGFi OIT 0154-87 16 APR 1987 MEMORANDUM FOR: Executive Director VIA: Deputy Director for Administration FROM: Edward J. Maloney Director of Information Technology SUBJECT: Status of ISB Action Items (U/AIUO) REFERENCE: Your memo to the ISB, Subject: Memorandum of Agreement, undated. 1. At the 6/7 November Information Systems Board off-site, several action items were assigned to OIT (see reference). I would like to take this opportunity to report to you on the status of these tasks. By my count OIT had seven of these items, and I believe we are making good progress. 2. Four "technical" items were assigned OIT. The first was to develop a strategy to support the "diskless PC" concept. The second was to develop an archiving strategy for our mainframe computers, the third was to develop a network model for resource allocation purposes, and the fourth was to identify some testbeds for examining the feasibility of advanced technical solutions. 3. With respect to "diskless PCs," we expect to have an OIT draft plan this month. In general, we are pursuing near-term and long-term solutions simultaneously. In the short-term, we will look to disabling the "write" hardware on PCs already purchased by the DO. Further out, we expect the marketplace to provide us with suitable hardware and software. For example, we currently are exploring the suitability of the IBM 3192. Assuming it can pass TEMPEST requirements. tis PC offers a potentially low-cost ($2,000) solution to the problem. 4. The archiving problem is primarily a management issue rather than a technological question. While the technology exists to meet likely customer demands for on-line storage, Agency managers must evaluate the cost (financial as well as physical space) associated with a given storage requirement and Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7  Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7 25X1 25X1 SUBJECT: Status of ISB Action Items the value returned for meeting that requirement. We are coordinating an OIT draft analyzing the situation and plan to provide recommendations this month. We will involve customer offices with any decisions that affect storage capabilities. 5. As you know, arranged for a contractor to brief the ISB on an information systems resource allocation model. Our next step is to revise the model, incorporating customer input regarding the value of services. We anticipate this will be accomplished by 20 May. We will then have, for the first time, an analytical tool for guiding our resource investment. I see this project as being particularly exciting and having a high pay-off for senior management. 6. We also believe a network flow model will be useful for service provider management. We will be working on such a model in the coming year and will keep you apprised of its status. We also will brief appropriate audiences on its progress. 7. We have requested the Customer/Standards Committee to identify a handful of potentially useful advanced technical solutions of interest to the components as test-beds in order to ensure continuing innovation in our systems. The Committee is still exploring this idea, and, as soon as candidates are identified, we will quickly develop a plan of attack. 8. In the planning and management areas, we were also assigned three tasks. First, you asked that we develop waiver criteria for OIT Information Processing Standards. A draft of these criteria has been developed and is being coordinated within OIT. We expect to submit this draft to the Customer/Standards Committee for their review in the very near future. Second, you requested that we work with the Comptroller to expand the "Tab 13" process to include all information systems (it currently applies to communications requirements only). After discussion with the Comptroller's Staff, we jointly agreed to improve the New Initiative coordination process in lieu of instituting a burdensome "Tab 13" review process. It was the collective judgment of all parties that improving coordination prior to program initiation would address most of our concerns and yet limit the burden on components. A memorandum on our findings has already been sent to you. 9. The third and final planning and management task concerned the development of a policy statement on component responsibilities in the information systems arena. The intricacies of this issue make it particularly difficult to address comprehensively in a memo format. Therefore, I believe that we should discuss this subject together. Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7  Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7 10. I am pleased with the progress we have made on the ISB action items. True, we have not met the originally requested deadlines, but as we explored problems we learned how ambitious these original dates actually were. In my mind, we are making good headway and should begin to see results shortly. (U/AIUO) Ed and . Malogtif Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7  Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7 CONFIDENTIAL MEMORANDUM TO: Information Systems Board FROM: Executive Director SUBJECT: - Memorandum of Agreement 25X1 The Information Systems Board met for a two day conference Thursday I)tixl and Friday, 6-7 November 1986. Attending were: (ExDi 25X1 (D/OIR), C/IMS), Ed Maloney (D/OIT), (D/OC) 25X1 (D/Comet (for the ADDS& (DD/OIR 25X1 (DC/IMS) (ORD), (O/ExDir), and (ISB Executive Secretary). The Boar discussed the following issues an agreed on the listed actions. (The Chairman established the action due dates in parentheses). The Board also agreed that these decisions and actions should be publicized throughout the Agency in order to provide maximum guidance and direction to employees. Statement of Commitment - (ISB ACTION) The Board agreed to draft and publicize an information technology statement to provide broad Agency-wide guidance and direction (by January 1987). The first draft of that statement is appended, and will be discussed (at the ISB meeting on 8 December). Security - The Board called for a comprehensive set of security standards for systems, rules for system users, a realistic program of investment and procurement to support and enforce the standards and rules, and protected funding for the investment and procurement program. (DDA ACTION) On behalf of The Board, the Chairman asks the ODA: (1) to form a task force to review security standards and rules for automated systems and users and . prepare a statement detailing Individual, component, and central service security responsiblli- ties (by February 1987), (2) to suggest serious and immediate upgrades to our auditing program as our first line of defense (by February 1987), (3) to fix responsibility clearly for a comprehensive Headquarters Information Technology Security Program, and (4) to undertake a thoughtful program of continuing education for all employees on the rules and responsibilities of automated system use. ? ?1? (017 "ACTION) Recognizing the complex Issues presented by locall-ellect,01111C RIME storage capabilities inherent in personal computers, The Board further asked that OIT study the technical feasibility and desirability of methods other than encryption for securing PC storage media -- such as using 'diskiess' PC's or secure, remote local storage--(by March 1987). Responsibility - The Board was In general agreement on the division of labor between the providers and customers of Information services, describing that division as a 'federal system" in which some computing services are centrally controlled, maintained and directed, and some are locally controlled by the components. ermcincsrYmer Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7  Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7 CONFIDENTIAL Page 3 *2* (OIT ACTION) The Board asked OIT to prepare a draft ISB Policy Statement (by February 1987) on. customer support detailing the responsibilities mix between the central services and the components, and the responsibilities of individual employees and vendors. (OIT ACTION) As a first step toward resolving some important data storage issues, the Board agreed that OIT should draft a proposal (by February 1987) for archiving stored data in order to relieve some of the immediate pressure on direct-access storage. Human Resources - (ISB ACTION) The Board intends to `actively monitor" the Agency Compensation Task Force's efforts to redo the compensation system for information technology specialists. In particular, the ISB will urge the task force to consider greater responsibility and flexibility for line supervisors in controlling and managing personnel resources. Compatibility - The Board determined that the issue of compatibility and the need to comply with cooperatively agreed-upon technical standards is a fundamental issue for the Agency. Several decisions were made as a result. (1) It will be Agency policy not to approve procurement of any information technology systems which do not meet connectivity and other technical standards adopted by the Customer Standards Group (CSG). All equipment pro- cured under which requires D/OIT and C/ISSD approval, must meet these standards -- regardless of intended uses. The Board accepts the responsibility for reviewing all requests not resolved by the D/OIT for exceptions to the agreed-upon technical standards. (2) (OIT/CSG ACTION) On behalf of the ISB, the D/OIT will task the Customer Standards Group to develop criteria under which systems seeking exception to the Agency's standards will be judged. (3) (OIT/CSG ACTION) The D/OIT will also task the CSG to identify a handful of potentially useful advanced technical solutions of interest to the components as test-beds in order to ensure continuing innovation and evolution in our systems. (4) (OIT/CSG ACTION) The Board will continue to monitor the efforts of the Customer Standards Group in establishing technical and service standards and asks OIT and the CSG to give wide publicity to these criteria and standards once adopted. (5) (OIT/CSG ACTION) The Board asks OIT and CSG to brief it on plans for accomplishing thess tooks (at the December S. ISO meeting). (ORD ACTION) Recognizing[_ that there is a need for cmmpertmeeted t Yt processing capabilities which must be separated from the central systems, the Board endorsed the formation of an inter-directorate group, chaired by ORD, to Investigate such requirements and to draft criteria for such systems In order to limit the number of different solutions to a handful of the most generally useful (by March 1987). Planning and Management - (OIT/COMPTROLLER ACTION) The Board agreed to an OC and Comptroller recommendation to extend the Comptrollers "Tab 13" process -- Cf1PJ V NTIAt Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7  Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7 CONFIDENTIAL Page 4. whereby components can detail their Communicat1cns requirements for the coming budget years and OC analyzes the cost of these -- to include data processing requirements beginning this year. *4?, (OC/OIT ACTION) The Board welcomed OlT and OC's offer to cooperatively create a resource model of Agency world-wide networks and systems by 1 February to be used to support planning and budget preparation. (ISB/COMPTROII.LER ACTION) The ISB will review all now information technology initiatives at its meeting on February 2. The Comptroller will make available one page descriptions of these initiatives for ISB review, together with an initial evaluation of these proposals. CONFIDENTIAL Declassified in Part - Sanitized Copy Approved for Release 2011/12/05: CIA-RDP89GO0643R000900130007-7